PHP has a standard library for building and consuming Web Services using the XML-RPC communication protocol. That library is the one that is used by the examples in the book, and is not affected by the reported vulnerability.

Because this standard library is not enabled in a default PHP installation, many open source projects that require XML-RPC functionality have chosen to use an alternative library written entirely in PHP, which will run on most PHP configurations. Such alternatives include the PEAR XML-RPC module and the XML-RPC for PHP project. Both of these libraries are affected by the vulnerability.

Updated versions of these libraries are now available for download, and affected open source projects are quickly releasingadvisories and updated versions to address the problem.

Kevin began developing for the Web in 1995 and is a highly respected technical author. Kev is a world-renowned author, speaker and JavaScript expert. He has a passion for making web technology easy to understand by anyone. Yes, even you!